{"id":35478231,"url":"https://github.com/certwatch-app/cw-agent","last_synced_at":"2026-01-13T22:55:37.876Z","repository":{"id":331335137,"uuid":"1125458865","full_name":"certwatch-app/cw-agent","owner":"certwatch-app","description":"SSL/TLS certificate monitoring agent for Kubernetes and on-prem infrastructure. Scan certificates, detect expiration, validate chains, and sync to CertWatch cloud.","archived":false,"fork":false,"pushed_at":"2026-01-03T20:43:18.000Z","size":272,"stargazers_count":5,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-01-06T12:30:37.373Z","etag":null,"topics":["certificate","cli","cloud-native","devops","golang","kubernetes","monitoring","security","sre","ssl","tls"],"latest_commit_sha":null,"homepage":"https://certwatch.app","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/certwatch-app.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-12-30T19:05:21.000Z","updated_at":"2026-01-04T13:34:37.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/certwatch-app/cw-agent","commit_stats":null,"previous_names":["certwatch-app/cw-agent"],"tags_count":14,"template":false,"template_full_name":null,"purl":"pkg:github/certwatch-app/cw-agent","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/certwatch-app%2Fcw-agent","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/certwatch-app%2Fcw-agent/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/certwatch-app%2Fcw-agent/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/certwatch-app%2Fcw-agent/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/certwatch-app","download_url":"https://codeload.github.com/certwatch-app/cw-agent/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/certwatch-app%2Fcw-agent/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28399388,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-13T14:36:09.778Z","status":"ssl_error","status_checked_at":"2026-01-13T14:35:19.697Z","response_time":56,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["certificate","cli","cloud-native","devops","golang","kubernetes","monitoring","security","sre","ssl","tls"],"created_at":"2026-01-03T13:15:28.211Z","updated_at":"2026-01-13T22:55:37.871Z","avatar_url":"https://github.com/certwatch-app.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cp align=\"center\"\u003e\n  \u003cimg src=\".github/banner.png\" alt=\"CertWatch Agent - SSL/TLS Certificate Monitoring\" width=\"100%\"\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"https://github.com/certwatch-app/cw-agent/actions/workflows/ci.yml\"\u003e\u003cimg src=\"https://github.com/certwatch-app/cw-agent/actions/workflows/ci.yml/badge.svg\" alt=\"CI\"\u003e\u003c/a\u003e\n  \u003ca href=\"https://github.com/certwatch-app/cw-agent/actions/workflows/release.yml\"\u003e\u003cimg src=\"https://github.com/certwatch-app/cw-agent/actions/workflows/release.yml/badge.svg\" alt=\"Release\"\u003e\u003c/a\u003e\n  \u003ca href=\"https://goreportcard.com/report/github.com/certwatch-app/cw-agent\"\u003e\u003cimg src=\"https://goreportcard.com/badge/github.com/certwatch-app/cw-agent\" alt=\"Go Report Card\"\u003e\u003c/a\u003e\n  \u003ca href=\"LICENSE\"\u003e\u003cimg src=\"https://img.shields.io/badge/License-Apache%202.0-blue.svg\" alt=\"License\"\u003e\u003c/a\u003e\n  \u003ca href=\"https://artifacthub.io/packages/search?repo=cw-agent\"\u003e\u003cimg src=\"https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/cw-agent\" alt=\"Artifact Hub\"\u003e\u003c/a\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003cb\u003eMonitor all your SSL/TLS certificates in one place.\u003c/b\u003e\u003cbr\u003e\n  CertWatch Agent syncs certificate data from your infrastructure to the \u003ca href=\"https://certwatch.app\"\u003eCertWatch\u003c/a\u003e cloud dashboard for unified monitoring, alerting, and expiry tracking.\n\u003c/p\u003e\n\n---\n\n## Features\n\n| Feature | Description |\n|---------|-------------|\n| **Network Scanning** | Monitor TLS certificates on any reachable endpoint |\n| **cert-manager Integration** | Watch Kubernetes certificates managed by cert-manager |\n| **Unified Dashboard** | See all certificates across clusters and environments |\n| **Expiry Alerts** | Get notified before certificates expire |\n| **Prometheus Metrics** | Export certificate metrics for monitoring |\n| **Helm Charts** | Production-ready Kubernetes deployment |\n| **Lightweight** | Single binary, minimal resources, secure defaults |\n\n## Architecture\n\n```mermaid\nflowchart LR\n    subgraph infra[\"Your Infrastructure\"]\n        endpoints[\"TLS Endpoints\"]\n        certmgr[\"cert-manager\u003cbr/\u003eCertificates\"]\n    end\n\n    subgraph agents[\"CertWatch Agents\"]\n        cwa[\"cw-agent\u003cbr/\u003e(Network Scanner)\"]\n        cwacm[\"cw-agent-certmanager\u003cbr/\u003e(K8s Controller)\"]\n    end\n\n    subgraph cloud[\"CertWatch Cloud\"]\n        dash[\"Dashboard\u003cbr/\u003eAlerts \u0026 Monitoring\"]\n    end\n\n    endpoints --\u003e cwa\n    certmgr --\u003e cwacm\n    cwa --\u003e dash\n    cwacm --\u003e dash\n```\n\n## Quick Start\n\n### CLI (Linux/macOS)\n\n```bash\n# Install\ncurl -sSL https://certwatch.app/install.sh | bash\n\n# Configure interactively\ncw-agent init\n\n# Start monitoring\ncw-agent start -c certwatch.yaml\n```\n\n### Docker\n\n```bash\ndocker run -v $(pwd)/certwatch.yaml:/etc/certwatch/certwatch.yaml \\\n  ghcr.io/certwatch-app/cw-agent:latest\n```\n\n### Kubernetes (Helm)\n\n```bash\n# Deploy both agents with shared API key\nhelm install certwatch oci://ghcr.io/certwatch-app/helm-charts/cw-stack \\\n  --namespace certwatch --create-namespace \\\n  --set global.apiKey.value=cw_your_api_key \\\n  --set agent.enabled=true \\\n  --set certManager.enabled=true \\\n  --set cw-agent.agent.name=network-scanner \\\n  --set cw-agent-certmanager.agent.name=k8s-cluster\n```\n\nSee [Kubernetes Guide](docs/kubernetes.md) for production deployment instructions.\n\n## Documentation\n\n| Guide | Description |\n|-------|-------------|\n| [Getting Started](docs/getting-started.md) | Installation and basic setup |\n| [CLI Reference](docs/cli-reference.md) | All commands and configuration options |\n| [Docker Guide](docs/docker.md) | Container deployment with Docker Compose |\n| [Linux Guide](docs/linux.md) | systemd service for local monitoring |\n| [Kubernetes Guide](docs/kubernetes.md) | Helm deployment and GitOps |\n| [cert-manager Integration](docs/cert-manager.md) | Monitor cert-manager certificates |\n| [Metrics \u0026 Observability](docs/metrics.md) | Prometheus metrics and health endpoints |\n| [Architecture](docs/architecture.md) | How CertWatch Agent works |\n\n## Helm Charts\n\n| Chart | Description | Documentation |\n|-------|-------------|---------------|\n| **cw-agent** | Network certificate scanner | [README](charts/cw-agent/README.md) |\n| **cw-agent-certmanager** | cert-manager controller | [README](charts/cw-agent-certmanager/README.md) |\n| **cw-stack** | Umbrella chart (deploy one or both) | [README](charts/cw-stack/README.md) |\n\nInstall from OCI registry:\n\n```bash\n# Individual charts\nhelm install cw-agent oci://ghcr.io/certwatch-app/helm-charts/cw-agent\nhelm install cw-agent-certmanager oci://ghcr.io/certwatch-app/helm-charts/cw-agent-certmanager\n\n# Umbrella chart (recommended)\nhelm install certwatch oci://ghcr.io/certwatch-app/helm-charts/cw-stack\n```\n\n## Configuration\n\n### Minimal Config\n\n```yaml\napi:\n  key: \"cw_your_api_key\"\n\nagent:\n  name: \"my-agent\"\n\ncertificates:\n  - hostname: \"example.com\"\n```\n\n### Full Config Reference\n\nSee [certwatch.example.yaml](certwatch.example.yaml) or the [CLI Reference](docs/cli-reference.md).\n\n## Prometheus Metrics\n\n| Metric | Description |\n|--------|-------------|\n| `certwatch_certificate_days_until_expiry` | Days until certificate expires |\n| `certwatch_certificate_valid` | Certificate validity (1=valid) |\n| `certwatch_scan_total` | Total scans by status |\n| `certwatch_sync_total` | Total syncs by status |\n\nSee [Metrics Reference](docs/metrics.md) for the complete list and alerting examples.\n\n## Running as a Service\n\n### systemd\n\n```ini\n[Unit]\nDescription=CertWatch Agent\nAfter=network.target\n\n[Service]\nType=simple\nUser=certwatch\nExecStart=/usr/local/bin/cw-agent start -c /etc/certwatch/certwatch.yaml\nRestart=always\n\n[Install]\nWantedBy=multi-user.target\n```\n\n### Docker Compose\n\n```yaml\nservices:\n  cw-agent:\n    image: ghcr.io/certwatch-app/cw-agent:latest\n    restart: unless-stopped\n    volumes:\n      - ./certwatch.yaml:/etc/certwatch/certwatch.yaml:ro\n```\n\n## Community\n\n- [GitHub Discussions](https://github.com/certwatch-app/cw-agent/discussions) - Questions and ideas\n- [Public Roadmap](https://certwatch.app/roadmap) - Vote on features\n- [Documentation](https://docs.certwatch.app) - Full documentation\n- [Report a Bug](https://github.com/certwatch-app/cw-agent/issues/new) - Found an issue?\n\n## Changelog\n\n### v0.5.0 (Current)\n\n- **cert-manager integration** - New `cw-agent-certmanager` controller for monitoring Kubernetes certificates\n- **cw-stack umbrella chart** - Deploy one or both agents with a single Helm release\n- **Global API key support** - Share API key configuration across subcharts\n- **PodDisruptionBudget** - High availability support for cert-manager controller\n- **Documentation overhaul** - New docs/ folder with comprehensive guides\n\n### v0.4.0\n\n- **Helm chart** - Official Helm chart for Kubernetes deployments via OCI registry\n- **Flexible API key config** - Support both inline `apiKey.value` and `apiKey.existingSecret`\n- **Secure K8s defaults** - Non-root, read-only filesystem, dropped capabilities\n- **GitOps ready** - ArgoCD and FluxCD examples included\n- **Prometheus ServiceMonitor** - Optional ServiceMonitor for Prometheus Operator\n\n### v0.3.0\n\n- **Prometheus metrics** - Certificate, scan, sync, and agent metrics at `/metrics`\n- **Health endpoints** - Kubernetes-ready `/healthz`, `/readyz`, `/livez`\n- **Heartbeat support** - Agent offline detection and alerting\n\n### v0.2.0\n\n- **Interactive setup** - `cw-agent init` wizard for configuration\n- **Agent state persistence** - Restart resilience and name change detection\n- **Certificate migration** - Certificates transfer during agent reset\n\n### v0.1.0\n\n- Initial release\n\n\u003cdetails\u003e\n\u003csummary\u003e\u003cb\u003eFull Changelog\u003c/b\u003e\u003c/summary\u003e\n\n### v0.4.0\n\n- **Helm chart** - Official Helm chart for Kubernetes deployments via OCI registry\n- **Flexible API key config** - Support both inline `apiKey.value` and `apiKey.existingSecret` for production\n- **Secure K8s defaults** - Non-root, read-only filesystem, dropped capabilities\n- **GitOps ready** - ArgoCD and FluxCD examples included\n- **Prometheus ServiceMonitor** - Optional ServiceMonitor for Prometheus Operator users\n\n### v0.3.0\n\n- **Prometheus metrics** - Expose certificate, scan, sync, and agent metrics at `/metrics`\n- **Health endpoints** - Kubernetes-ready `/healthz`, `/readyz`, `/livez` endpoints\n- **Heartbeat support** - Configurable heartbeat interval for agent offline detection\n- **Init wizard updates** - New \"Observability\" step for metrics port and heartbeat interval\n- **Bug fixes** - Fixed Docker image tag, updated install script URL\n\n### v0.2.1\n\n- **Agent state persistence** - Agent ID stored in `.certwatch-state.json`\n- **Name change detection** - Warns when `agent.name` changes in config\n- **`--reset-agent` flag** - Reset state and migrate certificates to new agent\n- **`--yes` flag** - Skip confirmation prompts for CI/automation\n- **Unified CLI styling** - All commands now have consistent, polished output\n- **Smart certificate migration** - Certificates transfer during agent reset\n\n### v0.2.0\n\n- **`cw-agent init` command** - Interactive configuration wizard\n- **Non-interactive mode** - Create configs via environment variables\n- **Beautiful forms** - Powered by charmbracelet/huh\n\n### v0.1.0\n\n- Initial release\n- Certificate scanning and cloud sync\n- `start`, `validate`, `version` commands\n- Docker and systemd support\n\n\u003c/details\u003e\n\n## Contributing\n\nContributions are welcome! Please read [CONTRIBUTING.md](CONTRIBUTING.md) for details.\n\n## License\n\nApache 2.0 - see [LICENSE](LICENSE) for details.\n\n## Third-Party Trademarks\n\nThe banner and documentation include logos of third-party projects for illustrative purposes:\n\n- **Docker** and the Docker logo are trademarks of Docker, Inc.\n- **Kubernetes** is a registered trademark of The Linux Foundation.\n- **Prometheus** is a Cloud Native Computing Foundation project.\n- **cert-manager** is a Cloud Native Computing Foundation project.\n- **Tux** logo by Larry Ewing (lewing@isc.tamu.edu) using The GIMP.","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcertwatch-app%2Fcw-agent","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcertwatch-app%2Fcw-agent","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcertwatch-app%2Fcw-agent/lists"}